Slashdot Mirror


Microsoft No Longer a 'Laughingstock' of Security?

Toreo asesino writes "In a Q&A with Scott Charney, the vice president of Trustworthy Computing at Microsoft, Charney suggests that security in Microsoft products has moved on from being the 'laughing stock' of the IT industry to something more respectable. He largely attributes this to the new Security Development Lifecycle implemented in development practices nearly six years ago. 'The challenge is really quite often in dealing with unrealistic expectations. We still have vulnerabilities in our code, and we'll never reduce them to zero. So sometimes we will have a vulnerability and people say to me, "So the [Security Development Lifecycle (SDL)] is a failure right?" No it isn't. It was our aspirational goal that the SDL will get rid of every bug.'"

5 of 282 comments

  1. Re:I say, set a standard by Anonymous Coward · · Score: -1, Troll

    The only thing OpenBSD sets a standard for is having a complete cockshiner in charge of the project.

    If you want a project with a world class cock wallet in charge, look to OpenBSD.

  2. It's SO right nobody on /. proves otherwise by Anonymous Coward · · Score: -1, Troll
    See this URL where over 30++ /.'ers ran from a challenge regarding Windows vs. Linux security, in a thread post here on /., regarding "Hardening Linux" no less:

    SLASHDOT POST ABOUT "HARDENING LINUX":

    http://it.slashdot.org/comments.pl?sid=267599&threshold=-1&commentsort=0&mode=thread&cid=20203061

    (That's where no *NIX person here on this site, & others, could do a better job on a multiplatform test of security based on best practices for each OS platform than a Windows Server 2003 user could!)

    The *NIX folks were challenged on this site, who stated things along the lines of:

    "(Insert *NIX variant here) is more secure OR securable than Windows"

    & then, this image which backs it:

    http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg

    Which proves the test results on a multiplatform test of security called "CIS TOOL" (by the Center for Internet Security) which has been noted as a tool to help secure yourself by BOTH Computerworld & SANS (sites often cited here on /. no less, regarding security data):

    Here is the outline for achieving that 85.185 score on CIS TOOL, for Windows users:

    http://forums.techpowerup.com/showthread.php?p=375355#post375355

    It works & so much so, it tends to "silence the F.U.D." spreaders here on /. about Windows vs. Linux (even SeLinux &/or BSD variants as well) regarding securability of them all, since nobody from /. has exceeded that score a Windows Server 2003 user achieves on it, despite their constant "Windows is not secure as *NIX" fud.

    Seems the only person able to do what you stated here:

    "Now we just snicker and giggle!" - by Mikkeles (698461) on Friday September 21, @10:53AM (#20696367)

    Is the person who made the FUD spreaders @ /., look extremely foolish & unable to back up their b.s....
  3. Re:I say, set a standard by 0p7imu5_P2im3 · · Score: 0, Troll

    The only thing OpenBSD sets a standard for is having a complete cockshiner in charge of the project.

    If you want a project with a world class cock wallet in charge, look to OpenBSD.

    ... or look to Microsoft...
    --
    Resistance is futile. Your technological distinctiveness will be added to our own. You will become one with the morgue
  4. Fewer logical fallacies, please. by mattgreen · · Score: 0, Troll

    All I see is hand-waving "I bet there are tons of unpatched holes in IIS" sentiments in your post. I'd like to see proof that there exist unpatched IIS holes, not vacuous appeals to emotion.

    You're perfectly aware if you'd said the same thing about Apache you'd be flamed to hell and back around here. I'm just keeping you intellectually honest.

  5. Mod Parent UP!!! by Anonymous Coward · · Score: -1, Troll

    People here need to stop modding down the truth as Troll.